Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
Withdrawn: Arbitrary code execution in lodash Low Unreviewed
CVE-2021-41720 was published for lodash (npm) Dec 3, 2021
Command injection in @diez/generation Low
CVE-2021-32830 was published for @diez/generation (npm) Sep 2, 2021
User content sandbox can be confused into opening arbitrary documents Low
CVE-2021-21320 was published for matrix-react-sdk (npm) Mar 3, 2021
keerok
Path traversal in Node-Red Low
CVE-2021-21298 was published for @node-red/runtime (npm) Feb 26, 2021
Token verification bug in next-auth Low
CVE-2021-21310 was published for next-auth (npm) Feb 11, 2021
AlessandroA balazsorban44
iaincollins
Parse Server stores password in plain text Low
CVE-2020-26288 was published for parse-server (npm) Dec 28, 2020
fastrde depsir
XSS in Vega Low
CVE-2020-26296 was published for vega (npm) Dec 30, 2020
Regular Expression Denial of Service (ReDoS) in braces Low
CVE-2018-1109 was published for braces (npm) Jan 6, 2022
Prefix escape Low
CVE-2021-21322 was published for fastify-http-proxy (npm) Mar 3, 2021
Denial of service in fast-csv Low
CVE-2020-26256 was published for @fast-csv/parse (npm) Dec 8, 2020
Unprotected dynamically loaded chunks Low
CVE-2020-15262 was published for webpack-subresource-integrity (npm) Oct 19, 2020
Environment Variable Injection in GitHub Actions Low
CVE-2020-15228 was published for @actions/core (npm) Oct 1, 2020
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
jquery.terminal self XSS on user input Low
CVE-2021-43862 was published for jquery.terminal (npm) Jan 6, 2022
Nahiiko
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid Low
CVE-2022-36036 was published for mdx-mermaid (npm) Aug 31, 2022
sjwall
Regular expression denial of service in markdown-link-extractor Low
CVE-2021-43308 was published for markdown-link-extractor (npm) Jun 3, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log Low
CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022
ShuPink
parse-server auth adapter app ID validation can be circumvented Low
CVE-2022-39231 was published for parse-server (npm) Sep 21, 2022
KarolisBan
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled Low
CVE-2022-29247 was published for electron (npm) Jun 16, 2022
TheGrandPew msrkp
Cross-site Scripting in bootstrap-table Low
CVE-2021-23472 was published for bootstrap-table (npm) Nov 8, 2021
Command Injection in moment-timezone Low
GHSA-56x4-j7p9-fcf9 was published for moment-timezone (npm) Aug 30, 2022
scovetta
personnummer/js vulnerable to Improper Input Validation Low
GHSA-vpgc-7h78-gx8f was published for personnummer (npm) Sep 4, 2020
URL parsing in node-forge could lead to undesired behavior. Low
GHSA-gf8q-jrpm-jvxq was published for node-forge (npm) Jan 8, 2022
kurt-r2c
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison Low
GHSA-c35v-qwqg-87jc was published for express-basic-auth (npm) Jun 6, 2019
ircdkit vulnerable to Denial of Service due to unhandled connection end event Low
GHSA-f7r3-p866-q9qr was published for ircdkit (npm) Jun 3, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database